from:"Jason A. Donenfeld"

Re: [PATCH 1/2] mm, treewide: Rename kzfree() to kfree_sensitive()

2020-04-14 Thread Jason A. Donenfeld

On 4/13/20 3:15 PM, Waiman Long wrote: As said by Linus: A symmetric naming is only helpful if it implies symmetries in use. Otherwise it's actively misleading. In "kzalloc()", the z is meaningful and an important part of what the caller wants. In "kzfree()", the z is actively d

[PATCH 4/4] ozwpan: unchecked signed subtraction leads to DoS

2015-05-13 Thread Jason A. Donenfeld

_mac[0], dest_mac[1], dest_mac[2], dest_mac[3], dest_mac[4], dest_mac[5] } }; if (sendto(sockfd, &packet, sizeof(packet), 0, (struct sockaddr *)&socket_address, sizeof(socket_address)) < 0) { perror("sendto"); return 1; }

[PATCH 3/4] ozwpan: divide-by-zero leading to panic

2015-05-13 Thread Jason A. Donenfeld

_address = { .sll_ifindex = interface_index, .sll_halen = ETH_ALEN, .sll_addr = { dest_mac[0], dest_mac[1], dest_mac[2], dest_mac[3], dest_mac[4], dest_mac[5] } }; if (sendto(sockfd, &packet, sizeof(packet), 0, (struct sockaddr *)

[PATCH 0/4] ozwpan: Four remote packet-of-death vulnerabilities

2015-05-13 Thread Jason A. Donenfeld

in the bounds of the socket buffer. Jason A. Donenfeld (4): ozwpan: Use proper check to prevent heap overflow ozwpan: Use unsigned ints to prevent heap overflow ozwpan: divide-by-zero leading to panic ozwpan: unchecked signed subtraction leads to DoS drivers/staging/ozwpan/ozhcd.c |

[PATCH 2/4] ozwpan: Use unsigned ints to prevent heap overflow

2015-05-13 Thread Jason A. Donenfeld

if (sendto(sockfd, &connect_packet, sizeof(connect_packet), 0, (struct sockaddr *)&socket_address, sizeof(socket_address)) < 0) { perror("sendto"); return 1; } usleep(30); if (sendto(sockfd, &pwn_pack

[PATCH 1/4] ozwpan: Use proper check to prevent heap overflow

2015-05-13 Thread Jason A. Donenfeld

o(sockfd, &connect_packet, sizeof(connect_packet), 0, (struct sockaddr *)&socket_address, sizeof(socket_address)) < 0) { perror("sendto"); return 1; } usleep(30); if (sendto(sockfd, &pwn_packet, sizeof(pwn_packet), 0

Re: [PATCH 1/4] ozwpan: Use proper check to prevent heap overflow

2015-05-15 Thread Jason A. Donenfeld

On May 15, 2015 4:10 PM, "David Laight" wrote: > Why not just check the length. eg: > unsigned int data_len = elt->length; > if (data_len < sizeof(struct oz_get_desc_rsp) + 1) > break; Sure. > >

[PATCH v2 1/4] ozwpan: Use proper check to prevent heap overflow

2015-05-26 Thread Jason A. Donenfeld

o(sockfd, &connect_packet, sizeof(connect_packet), 0, (struct sockaddr *)&socket_address, sizeof(socket_address)) < 0) { perror("sendto"); return 1; } usleep(30); if (sendto(sockfd, &pwn_packet, sizeof(pwn_packet), 0

[PATCH v2 3/4] ozwpan: divide-by-zero leading to panic

2015-05-26 Thread Jason A. Donenfeld

_address = { .sll_ifindex = interface_index, .sll_halen = ETH_ALEN, .sll_addr = { dest_mac[0], dest_mac[1], dest_mac[2], dest_mac[3], dest_mac[4], dest_mac[5] } }; if (sendto(sockfd, &packet, sizeof(packet), 0, (struct sockaddr *)

[PATCH v2 2/4] ozwpan: Use unsigned ints to prevent heap overflow

2015-05-26 Thread Jason A. Donenfeld

if (sendto(sockfd, &connect_packet, sizeof(connect_packet), 0, (struct sockaddr *)&socket_address, sizeof(socket_address)) < 0) { perror("sendto"); return 1; } usleep(30); if (sendto(sockfd, &pwn_pack

[PATCH v2 4/4] ozwpan: unchecked signed subtraction leads to DoS

2015-05-26 Thread Jason A. Donenfeld

_mac[0], dest_mac[1], dest_mac[2], dest_mac[3], dest_mac[4], dest_mac[5] } }; if (sendto(sockfd, &packet, sizeof(packet), 0, (struct sockaddr *)&socket_address, sizeof(socket_address)) < 0) { perror("sendto"); return 1; }

[PATCH v2 0/4] ozwpan: Four remote packet-of-death vulnerabilities

2015-05-26 Thread Jason A. Donenfeld

rx function, adding checks to ensure all reads and casts are within the bounds of the socket buffer. Jason A. Donenfeld (4): ozwpan: Use proper check to prevent heap overflow ozwpan: Use unsigned ints to prevent heap overflow ozwpan: divide-by-zero leading to panic ozwpan: unchecked signed subt

Re: [PATCH v2 1/4] ozwpan: Use proper check to prevent heap overflow

2015-05-26 Thread Jason A. Donenfeld

On Tue, May 26, 2015 at 3:32 PM, Dan Carpenter wrote: > On Tue, May 26, 2015 at 02:17:46PM +0200, Jason A. Donenfeld wrote: >> + data_len = elt->length - >> sizeof(struct oz_get_desc_rsp) + 1; > > This was in

Re: [oss-security] Re: [PATCH v2 4/4] ozwpan: unchecked signed subtraction leads to DoS

2015-05-26 Thread Jason A. Donenfeld

On Tue, May 26, 2015 at 4:06 PM, Dan Carpenter wrote: > You sure do like wrapping to a high value and testing the result for > wrapping instead of validating before doing the subtraction... I do indeed. It seems like asking "did it overflow?" is more straight-forward and easier to read than tryin

Re: [PATCH v2 1/4] ozwpan: Use proper check to prevent heap overflow

2015-05-26 Thread Jason A. Donenfeld

On Tue, May 26, 2015 at 3:56 PM, Dan Carpenter wrote: >> elt->length is a u8, so the upper bound is 255. > > Yes. I know that, but is 255 correct? Eventually body->data is passed to oz_hcd_get_desc_cnf along with data_len. In there, body->data (now called desc) is memcpy'd into a URB transfer bu

Re: [oss-security] Re: [PATCH v2 4/4] ozwpan: unchecked signed subtraction leads to DoS

2015-05-28 Thread Jason A. Donenfeld

On Thu, May 28, 2015 at 1:04 PM, Dan Carpenter wrote: > It's really not simpler to understand though. Greg - do you want me to resubmit a v3 for this, or does it not really matter and we can address this in another series? Personally, I'm erring on the side of wanting to get *something* merged so

[PATCH v3 1/4] ozwpan: Use proper check to prevent heap overflow

2015-05-29 Thread Jason A. Donenfeld

o(sockfd, &connect_packet, sizeof(connect_packet), 0, (struct sockaddr *)&socket_address, sizeof(socket_address)) < 0) { perror("sendto"); return 1; } usleep(30); if (sendto(sockfd, &pwn_packet, sizeof(pwn_pa

[PATCH v3 0/4] ozwpan: Four remote packet-of-death vulnerabilities

2015-05-29 Thread Jason A. Donenfeld

ction, adding checks to ensure all reads and casts are within the bounds of the socket buffer. Jason A. Donenfeld (4): ozwpan: Use proper check to prevent heap overflow ozwpan: Use unsigned ints to prevent heap overflow ozwpan: divide-by-zero leading to panic ozwpan: unchecked signed subt

[PATCH v3 3/4] ozwpan: divide-by-zero leading to panic

2015-05-29 Thread Jason A. Donenfeld

_address = { .sll_ifindex = interface_index, .sll_halen = ETH_ALEN, .sll_addr = { dest_mac[0], dest_mac[1], dest_mac[2], dest_mac[3], dest_mac[4], dest_mac[5] } }; if (sendto(sockfd, &packet, sizeof(packet), 0, (struct sockaddr *)

[PATCH v3 2/4] ozwpan: Use unsigned ints to prevent heap overflow

2015-05-29 Thread Jason A. Donenfeld

if (sendto(sockfd, &connect_packet, sizeof(connect_packet), 0, (struct sockaddr *)&socket_address, sizeof(socket_address)) < 0) { perror("sendto"); return 1; } usleep(30); if (sendto(sockfd, &pwn_pack

[PATCH v3 4/4] ozwpan: unchecked signed subtraction leads to DoS

2015-05-29 Thread Jason A. Donenfeld

_mac[0], dest_mac[1], dest_mac[2], dest_mac[3], dest_mac[4], dest_mac[5] } }; if (sendto(sockfd, &packet, sizeof(packet), 0, (struct sockaddr *)&socket_address, sizeof(socket_address)) < 0) { perror("sendto"); return 1; } retu

Re: [PATCH v3 1/4] ozwpan: Use proper check to prevent heap overflow

2015-05-29 Thread Jason A. Donenfeld

On Fri, May 29, 2015 at 2:41 PM, Dan Carpenter wrote: > Acked-by: Dan Carpenter Acked for the rest of the set too? ___ devel mailing list de...@linuxdriverproject.org http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel

Re: [PATCH v3 1/4] ozwpan: Use proper check to prevent heap overflow

2015-05-29 Thread Jason A. Donenfeld

On Fri, May 29, 2015 at 2:36 PM, Frans Klaver wrote: > > I would say that it is because part of the expression has been placed > inside parentheses: > > a - b + 1 == a - (b - 1) > > Guess it makes the decision logic slightly more readable. Yes, exactly this. It's so that the bounding check co

Future of Ozwpan Driver - Maintainer? [Was: Re: [PATCH 0/4] ozwpan: Four remote packet-of-death vulnerabilities]

2015-06-01 Thread Jason A. Donenfeld

ed, May 13, 2015 at 8:33 PM, Jason A. Donenfeld wrote: > On a slightly related note, there are several other vulnerabilities in > this driver that are worth looking into. When ozwpan receives a packet, > it casts the packet into a variety of different structs, based on the > va

Re: Future of Ozwpan Driver - Maintainer? [Was: Re: [PATCH 0/4] ozwpan: Four remote packet-of-death vulnerabilities]

2015-06-02 Thread Jason A. Donenfeld

On Tue, Jun 2, 2015 at 3:35 AM, Greg Kroah-Hartman wrote: > I don't know, but I'm a bit loath to delete the driver from the tree as > then people will just continue to use the version with all of the bugs. Yea, I understand that. Though, I'm pretty sure that most users of ozwpan use old forks tie

Ozwpan Driver: Removal Recommended

2015-08-10 Thread Jason A. Donenfeld

intained driver from the tree. It simply didn't pass the "staging test". Regards, Jason On Tue, Jun 2, 2015 at 1:35 PM, Jason A. Donenfeld wrote: > On Tue, Jun 2, 2015 at 3:35 AM, Greg Kroah-Hartman > wrote: >> I don't know, but I'm a bit loath to delete

Re: Ozwpan Driver: Removal Recommended

2015-08-10 Thread Jason A. Donenfeld

On Mon, Aug 10, 2015 at 3:31 PM, Jason A. Donenfeld wrote: > Meanwhile Dan > Carpenter has posted a patch for a security vulnerability in ozwpan > that hasn't been reviewed or merged. Sorry, I see that you did in fact pick up this patch, so I retract that statement. Nonetheless,

[PATCH 1/2] ozwpan: The maintainers are MIA, so orphan

2015-08-10 Thread Jason A. Donenfeld

Ozwpan is completely unmaintained and potentially a security problem. As this is a staging driver, it should be removed, since it has been abandoned. Marking it as orphaned is the first step here. Signed-off-by: Jason A. Donenfeld --- MAINTAINERS | 2 +- 1 file changed, 1 insertion(+), 1

Re: [PATCH v4 0/3] mm, treewide: Rename kzfree() to kfree_sensitive()

2020-06-16 Thread Jason A. Donenfeld

On Tue, Jun 16, 2020 at 12:54 PM Joe Perches wrote: > > On Mon, 2020-06-15 at 21:57 -0400, Waiman Long wrote: > > v4: > > - Break out the memzero_explicit() change as suggested by Dan Carpenter > > so that it can be backported to stable. > > - Drop the "crypto: Remove unnecessary memzero_

Re: [PATCH 1/2] mm, treewide: Rename kzfree() to kfree_sensitive()

[PATCH 4/4] ozwpan: unchecked signed subtraction leads to DoS

[PATCH 3/4] ozwpan: divide-by-zero leading to panic

[PATCH 0/4] ozwpan: Four remote packet-of-death vulnerabilities

[PATCH 2/4] ozwpan: Use unsigned ints to prevent heap overflow

[PATCH 1/4] ozwpan: Use proper check to prevent heap overflow

Re: [PATCH 1/4] ozwpan: Use proper check to prevent heap overflow

[PATCH v2 1/4] ozwpan: Use proper check to prevent heap overflow

[PATCH v2 3/4] ozwpan: divide-by-zero leading to panic

[PATCH v2 2/4] ozwpan: Use unsigned ints to prevent heap overflow

[PATCH v2 4/4] ozwpan: unchecked signed subtraction leads to DoS

[PATCH v2 0/4] ozwpan: Four remote packet-of-death vulnerabilities

Re: [PATCH v2 1/4] ozwpan: Use proper check to prevent heap overflow

Re: [oss-security] Re: [PATCH v2 4/4] ozwpan: unchecked signed subtraction leads to DoS

Re: [PATCH v2 1/4] ozwpan: Use proper check to prevent heap overflow

Re: [oss-security] Re: [PATCH v2 4/4] ozwpan: unchecked signed subtraction leads to DoS

[PATCH v3 1/4] ozwpan: Use proper check to prevent heap overflow

[PATCH v3 0/4] ozwpan: Four remote packet-of-death vulnerabilities

[PATCH v3 3/4] ozwpan: divide-by-zero leading to panic

[PATCH v3 2/4] ozwpan: Use unsigned ints to prevent heap overflow

[PATCH v3 4/4] ozwpan: unchecked signed subtraction leads to DoS

Re: [PATCH v3 1/4] ozwpan: Use proper check to prevent heap overflow

Re: [PATCH v3 1/4] ozwpan: Use proper check to prevent heap overflow

Future of Ozwpan Driver - Maintainer? [Was: Re: [PATCH 0/4] ozwpan: Four remote packet-of-death vulnerabilities]

Re: Future of Ozwpan Driver - Maintainer? [Was: Re: [PATCH 0/4] ozwpan: Four remote packet-of-death vulnerabilities]

Ozwpan Driver: Removal Recommended

Re: Ozwpan Driver: Removal Recommended

[PATCH 1/2] ozwpan: The maintainers are MIA, so orphan

Re: [PATCH v4 0/3] mm, treewide: Rename kzfree() to kfree_sensitive()

29 matches

Site Navigation

Mail list logo

Footer information